Thursday, April 28, 2005

Ann and I have been trying to understand the GooglePray guestbook spammer better. He has found a way to force visitors to his "search" to send out his spam.

His code is rather confusing and neither of us being javascript experts doesn't help. But we have learned a lot. He has iframes that load about:blank, but they are named after the forms he is using to spam other sites. There is also some ActiveX (clsid:2D360201-FFF5-11d1-8D03-00A0C959BC0A) that appears to be an exploit to allow the script to access your clipboard and allows cross frame access. That could be what the empty iframes are for, I wasn't able to figure that part out. There is some other odd javascript that seems to be redirecting to different links, maybe its loading those iframes. That bit of code:

I realized that much of that Javascript code is from Google. It doesn't seem to do what I guessed at all though it does have something to do with links at least. Some of it adds an onMouseOver text on Google Ads that says "go to sitename." I still don't get the ga function, but it also seems Google Ads releated.

Strike back at the scum spamming guestbooks, wikis and blogsMore on the war against the socially inept guestbook pests This is a post from the blogmaster here at Bob's blog in regards to my boycott UMAX thread and guestbook spammers in general:And I will be cross posting this at interested links.Apparently the attention these Idiot Children is receiving is working.They have been chased off a few servers by complaints and by people with a much more technical savvy than I have.Thanks to all the following bloggers and webmasters:http://spamhuntress.comhttp://www.berduszek.art.plhttp://chongq.blogspot.comPlease read their very well done research at the following links:http://www.berduszek.art.pl/guestbook/addentry.phphttp://spamhuntress.com/2005/04/27/googlepray/ http://spamhuntress.com/2005/04/29/googlepray-spammer-hits-back/ http://spamhuntress.com/2005/05/03/the-vendetta-against-neil-taylor/ http://spamhuntress.com/2005/05/05/umax-spammer-drops-hijacker/ http://spamhuntress.com/2005/05/05/ev1-booted-sids-spamming-bot/http://berduszek.art.pl/guestbook/addentry.php http://wiki.chongqed.org//GooglePray http://spamhuntress.com/w/index.php?title=The_Umax-search_spammer&action=submithttp://forum.ev1servers.net/showthread.php?t=55947 http://buffoons.blogspot.com/2005/06/new-beginning-for-umax-ppc-spammer.htmlhttp://buffoons.blogspot.com/2005/02/umax-spam-continued.htmlhttp://buffoons.blogspot.com/2005/04/im-not-alone-umax-spam-is-affecting.htmlhttp://buffoons.blogspot.com/2005/04/spam-huntress-is-after-umax-ppc.htmlhttp://buffoons.blogspot.com/2005/04/screw-everyones-internet-and-umax-ppc.htmlhttp://chongq.blogspot.com/2005/04/googlepray-tricks.htmlhttp://spam.gunters.org/archive/2005/05/15/umax-spammer-revengehttp://spam.gunters.org/archive/2005/05/05/umax-spammer-drops-hijackerhttp://wiki.chongqed.org/WikiForumArchive_May2005http://spammers.chongqed.org/&first_char=uhttp://www.techspot.com/vb/all/windows/t-20009-A-way-to-strike-back-at-the-scum-spamming-my-guestbook.htmlAnd this one shows what real idiot's these children are:http://chongq.blogspot.com/2004/06/email-from-hakdata.htmlAnd if you would like to submit a Wiki or Blog spammer try this link:http://chongqed.org/submit.html And of course my thread should be on this listhttp://www.bobonit.com/html/2005/04/boycott-umax-umax-search-problem.html

I have noticed Idiot Sid/Dimitry has taken our reports personally he is now spamming with a message saying that myself and others such as spamhuntress are spamming here is an example of his post on a guestbook (http://www.lightfeather.net/guestbook.html) which was attacked = Wiki Spammers: bobonit.com, wiki.chongqed.org, spamhuntress.com, spam.gunters.org,buffoons.blogspot.com, have been spamming wikis, blogs, or guest books

A better example is: ...!Wiki Spammers: bobonit.com, wiki.chongqed.org, spamhuntress.com, spam.gunters.org, buffoons.blogspot.com, have been spamming wikis, blogs, or guest books with the keyword spam any domain to improve their page rank on Google and other search engines. Wiki Spam Solutions. There have been a number of proposals for dealing with WikiSpam.[url]http://umax-se.com/login/GOOGLE+SPAM/baikalguide+Wiki+Spammers:[/url]....Posted by: specific911 at May 12, 2005 05:42 PM Note the specific 911 link is not an e-mail address but links to the same page as the post?

More importantly I may of found his database check out this link http://fullup.org/gb.dat

We are winning this war keep up the attacks on these idiots, I wish I could really take 2x4 to one of them upside the head!BobFrom Bob's News Blog - http://www.bobonit.com/html/bob_blog.html